Professional Services

---

• General Data Privacy Regulation (GDPR)
• ISO 27001/27002 Security Policy and Controls
• ISO 27017 Cloud Security
• ISO 27018 Protection of Personal Information
• ISO 27034 Secure Application Development
• NIST 800-53 Security Controls
• NIST 800-37R2 Risk Management Framework
• NIST 800-144 to 146 Public Cloud Computing framework
• Center for Internet Security (CIS) controls & benchmarks
• Various industry regulatory controls including CJIS, FedRAMP, GDPR, HIPAA, MoPI, NERC CIP

• Web and cloud operations & frameworks.
• IT infrastructure including networks & routing, protocols, firewalls, segmentation, VLANs, VPNs, tunneling, DNS, DHCP, and common reporting tools.
• Identity and Access Management tools including Active Directory, LDAP, OIDC, SAML, and ADFS.
• Commercial and Open Source security tools including those including Burp Suite, IBM App Scan, IBM QRadar, Kali Linux, Metasploit, Nmap, OpenVAS, Rapid7 AppSpider, SonarQube, Synopsys, Tenable Nessus, and Wireshark.
• Software development in C, C++, C#, Java, Linux shell (bash and others), Perl, PowerShell, PL/SQL, SQL, and various Windows WSH, VB & C shells, and with software development methodologies including CI/CD, Agile, SCRUM, waterfall, and SSADM.

• Understanding an organization’s context and priorities
• Recording, and assessing the organization’s physical, logical, operational, third-party, and regulatory touch points
• Categorizing, organizing, prioritizing and reporting potentially negative findings
• Guiding organizations to institute a program of value-based risk mitigations, authorizing the implementation, acceptance, or transfer of specific risks according to executive assessment of goals and objectives, recording actions for regular review.

• Improving business processes, enabling the exploitation of new technologies
• Secure product and project life cycle management
• Public, private, and hybrid cloud migration and operation
• Third-party assessment; and evaluation of emerging technologies
• Identification of opportunities to automate repetitive manual processes and improve process, IT
• Application performance / efficiency

Controlling access, avoiding user impediments:                    

• Identity and Access Management tools including Active Directory, LDAP, OAuth2, OIDC, SAML, and ADFS
• User, system, location, function, and data categorization & management practices.
• Secure Data Life Cycles to maintain confidentiality, integrity, and accessibility through the life of the data.

Top-down and bottom-up presentations, workshops, 

messaging, communication and training tailored for:

• C-Level executives
• Lawyers & Legal teams
• Middle managers
• Engineers
• Staff
• Third-parties and customers